Written By Nanda Journey on Monday, 12 March 2012 | 20.45

EDIT 03/11/2011: Google is now showing a new box below the +1 button, making the attack less effective. I don’t know if we can hide this box; I have neither the time nor the motivation to work on it right now.
Well, it looks like the Twitter clickjacking attack I published this morning on the new Twitter follow button also works on the Google +1 button.
You need to have enabled the +1 feature on your Google account before trying the exploit, because the first time you +1 a page, Google will pop up a window to activate the feature. You can enable the feature by clicking on the +1 button below.
Afterwards you can try the +1 exploit here: click anywhere on the page and it will +1 the page without popping up a window. The button is partially hidden, but it can be totally hidden. The victim needs to be logged in to Google, otherwise it won’t work (popup).
The code is exactly the same as for the Twitter follow button.
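
A widget-side guard against the hidden-button click described above, as an added example that is not from the original post and not Google's or Twitter's code. It runs inside the embedded button's own frame, uses the browser's IntersectionObserver v2 visibility tracking, and falls back to a confirmation step (like the box mentioned in the edit note) whenever the button cannot be shown to be visible. The function names and thresholds are hypothetical.

```javascript
// Added example: click guard for an embeddable button (hypothetical names).
// A click triggers the action directly only if the browser has reported the
// button as fully shown and unobscured for a minimum time before the click.
const MIN_VISIBLE_MS = 500; // assumed threshold
const FULLY_SHOWN = 0.99;   // assumed ratio; allows for rounding near 1.0

function createClickGuard(minVisibleMs = MIN_VISIBLE_MS) {
  let visibleSince = null; // time at which the button last became visible

  return {
    // Feed with IntersectionObserver entries (or objects of the same shape).
    onEntries(entries) {
      for (const e of entries) {
        // isVisible is undefined without v2 support, so the guard fails safe.
        const shown = e.isIntersecting && e.isVisible === true &&
                      e.intersectionRatio >= FULLY_SHOWN;
        if (shown && visibleSince === null) visibleSince = e.time;
        if (!shown) visibleSince = null;
      }
    },
    // Verdict for a click at time `now` (same clock as the entries' time).
    decide(now) {
      if (visibleSince === null) return "confirm";             // hidden, clipped or unknown
      if (now - visibleSince < minVisibleMs) return "confirm"; // shown too briefly
      return "allow";
    },
  };
}

// Browser wiring. Without IntersectionObserver every click needs confirmation.
function attachGuard(button, onAllowed, onNeedsConfirmation) {
  const guard = createClickGuard();
  if (typeof IntersectionObserver === "function") {
    // trackVisibility requires a delay of at least 100 ms.
    new IntersectionObserver((es) => guard.onEntries(es), {
      threshold: [0, FULLY_SHOWN, 1], trackVisibility: true, delay: 100,
    }).observe(button);
  }
  button.addEventListener("click", (ev) => {
    const verdict = guard.decide(ev.timeStamp);
    (verdict === "allow" ? onAllowed : onNeedsConfirmation)(ev);
  });
  return guard;
}
```

In the embedding case the button's frame is loaded by design on third-party pages, so the check has to live in the widget itself rather than in framing headers.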